L’équipe e-Adapt organise un mini-séminaire sur les travaux menés dans l’équipe utilisant les LLM pour la cybersécurité. Le mini-séminaire aura lieu le mardi 8 avril à 14h.
À cette occasion, il y aura 2 présentations (voir résumés plus bas) :
- 14h-14h40 : Alaeddine Diaf, doctorant à l’Université de Annaba ayant collaboré avec des membres de l’équipe, nous présentera le travail intitulé « BARTPredict: Empowering IoT Security with LLM-Driven Cyber Threat Prediction » [1]
- 14h40-15h20 : Amine Tellache, doctorant e-Adapt, nous présentera le travail intitulé « Advancing Autonomous Incident Response: Leveraging LLMs and Cyber Threat Intelligence » [2]
------------------------------------------------
- A. Diaf, A. A. Korba, N. Elislem Karabadji and Y. Ghamri-Doudane, "BARTPredict: Empowering IoT Security with LLM-Driven Cyber Threat Prediction," GLOBECOM 2024 - 2024 IEEE Global Communications Conference, Cape Town, South Africa, 2024, pp. 1239-1244, doi: 10.1109/GLOBECOM52923.2024.10901770.
Abstract : The integration of Internet of Things (IoT) technology in various domains has led to operational advancements, but it has also introduced new vulnerabilities to cybersecurity threats, as evidenced by recent widespread cyberattacks on IoT devices. Intrusion detection systems are often reactive, triggered by specific patterns or anomalies observed within the network. To address this challenge, this work proposes a proactive approach to anticipate and preemptively mitigate malicious activities, aiming to prevent potential damage before it occurs. This paper proposes an innovative intrusion prediction framework empowered by Pre-trained Large Language Models (LLMs). The Framework incorporates two LLMs: a fine-tuned Bidirectional and AutoRegressive Transformers (BART) model for predicting network traffic and a fine-tuned Bidirectional Encoder Représentations from Transformers (BERT) model for evaluating the predicted traffic. By harnessing the bidirectional capabilities of BART the framework then identifies malicious packets among these predictions. Evaluated using the CICIoT2023 IoT attack dataset, our framework showcases a notable enhancement in predictive performance, attaining an impressive 98% overall accuracy, providing a powerful response to the cybersecurity challenges that confront IoT networks.
- Advancing Autonomous Incident Response: Leveraging LLMs and Cyber Threat Intelligence
Abstract : Effective incident response (IR) is critical for mitigating cyber threats, yet security teams are overwhelmed by alert fatigue, high false-positive rates, and the vast volume of unstructured Cyber Threat Intelligence (CTI) documents. While CTI holds immense potential for enriching security operations, its extensive and fragmented nature makes manual analysis time-consuming and resource-intensive. To bridge this gap, we introduce a novel Retrieval-Augmented Generation (RAG)-based framework that leverages Large Language Models (LLMs) to automate and enhance IR by integrating dynamically retrieved CTI. Our approach introduces a hybrid retrieval mechanism that combines NLP-based similarity searches within a CTI vector database with standardized queries to external CTI platforms, facilitating context-aware enrichment of security alerts. The augmented intelligence is then leveraged by an LLM-powered response generation module, which formulates precise, actionable, and contextually relevant incident mitigation strategies. We propose a dual evaluation paradigm, wherein automated assessment using an auxiliary LLM is systematically cross-validated by cybersecurity experts. Empirical validation on real-world and simulated alerts demonstrates that our approach enhances the accuracy, contextualization, and efficiency of IR, alleviating analyst workload and reducing response latency. This work underscores the potential of LLM-driven CTI fusion in advancing autonomous security operations and establishing a foundation for intelligent, adaptive cybersecurity frameworks.
